This week I have dived into the logging setup within systemd. Logging now feels like such a 'solved problem' within my systemd experiments. My sufficiently complex multi-machine vagrant setup can have makeshift log aggregation using journalctl, netcat, and socat.
log-server dot sh, running on my host machine:
socat -u tcp-l:8888,reuseaddr,fork STDOUT
log-agent dot sh, running on each machine:
DATE="`date '+%Y-%m-%d %H:%M:%S'`" journalctl -f --since="$DATE" | nc hostip 8888
This is, of course, not a solution specific to systemd or binary logging formats. However, journalctl seems to double as a simple logging agent itself; allowing streaming, filtering, cursors, and multiple output formats (json, single line, etc).
We can further extend log-agent, to include the hostname or other metadata:
DATE="`date '+%Y-%m-%d %H:%M:%S'`" journalctl -f --since="$DATE" \ | sed -u "s,^,[ `hostname` ] ,g" \ | nc hostip 8888
Finally, I would love to replace nc with socat everywhere, using OPENSSL: and OPENSSL-LISTEN to encrypt the logging traffic as it goes from log-agent to log-server.